Senate probe into recent GCash system glitch, e-wallet phishing scams sought


A resolution seeking an official investigation on the recent spate of unauthorized transactions, scams and other irregulariteis involving GCash and other mobile financial services has been filed in the Senate.

 

Senate deputy minority leader Risa Hontiveros, in filing Senate Resolution No. 1234 said it is imperative for the Senate to review all existing rules and regulations governing the financial technology or “fintech” sector, since there is “no legislative framework yet in place to ensure stability and transparency, build public trust, and promote inclusion vis-à-vis this class of services.”

 

“Mobile financial services have become a part of daily life for millions of Filipinos, and the fintech sector has been an important driver of economic growth and financial inclusion,” Hontiveros stated in the explanatory note of the resolution.

 

“GCash alone has an estimated 76 million users who posted P6-trillion worth of transactions in 2022 - that is almost equal to our national budget next year,” she said.

 

Hontiveros pointed out many people benefit from mobile financial services, especially those who are "unbanked" or unable to open a bank account.

 

“Kailangan natin ng batas na poprotekta sa kapakanan ng bawat Pilipino na gumagamit ng digital wallets, lalo na kung may scam, hacking o ibang regularidad (We need a law that will protect the welfare of every Filipino who uses digital wallets, especially if there is a scam, hacking or other regularity),” she stressed.

 

In her resolution, Hontiveros cited the recent incidents and issues which have affected a number of fintech users, particularly the unauthorized transactions GCash users have experienced. 

 

GCash operator G-Xchange Inc. had attributed the transfers to errors in an “on-going system reconciliation process.” 

 

On the other hand, the Department of Information and Communications Technology (DICT) stated that the incident is “an internal issue” rather than external hacking.

 

But Hontiveros pointed “similar incidents occurred in 2023, in which multiple GCash accounts were compromised using phishing attacks staged through various online gambling platforms.” 

 

“The list of risks and complications which threaten the earnings of mobile financial service users grows longer everyday,” she said.

 

“We urgently need upgraded policies to ensure that mobile financial service providers and fintech firms observe the necessary level of care and accountability in handling digital transactions,” she further appealed.

 

Moreover, she said the DICT had also warned about phishing attempts disguised as official text messages from GCash or PayMaya, another fintech e-wallet service. 

The messages were supposedly sent using a device called an International Mobile Subscriber Identity (IMSI) catcher, which monitors and intercept mobile data traffic by posing as a cellsite.

 

"Kailangan natin aksyunan ang daing ng mga kababayan nating biktima ng scam o hacking sa mobile financial services, na tila walang mahingan ng tulong sa pagbawi ng natangay nilang pera (We need to act on the cries of our compatriots who are victims of scams or hacking in mobile financial services, who seem to have no help in recovering their stolen money),” she pointed out.

 

“We must implement a system that enhances regulatory oversight over the fintech sector, so Filipinos can trust that their hard-earned money is safe - even online,” she emphasized.

 

In a statement, GCash said it has completed the necessary wallet adjustments to its affected users, assuring customer accounts are safe.

 

“Customer account security will always be our top priority,” GCash said in a statement.

 

The fintech company also said it remains steadfast in its mission to provide reliable and secure financial services and commited to enhance their system and procedures. 

 

“We will continue to work with relevant law enforcement agencies to investigate these incidents, and we encourage our users to remain vigilant against scammers,” GCash further stated.